Strongswan IPsec 配置

我正在配置站点到站点的 ipsec 隧道，但远程主机的详细信息非常少。在我的服务器上，我使用 strongswan 和以下 ipsec.conf：

conn %default
        ikelifetime=60m
        keylife=20m
        rekeymargin=3m
        keyingtries=1
        keyexchange=ike
        authby=secret

conn testconn
        type=tunnel
        left=xx.xx.xx.xx
        leftsubnet=192.168.26.0/24
        leftfirewall=yes
        right=xx.xx.xx.xx
        rightsubnet=192.168.0.0/16
        auto=add
        #ike = 3des-sha1-modp1024!
        #esp = aes256-sha1,aes192-sha1,aes128-sha1!

运行 ipsec statusall 提供以下输出：

Connections:
    testconn:  xx.xx.xx.xx...xx.xx.xx.xx  IKEv1/2
    testconn:   local:  [xx.xx.xx.xx] uses pre-shared key authentication
    testconn:   remote: [xx.xx.xx.xx] uses pre-shared key authentication
    testconn:   child:  192.168.26.0/24 === 192.168.0.0/16 TUNNEL
Security Associations (1 up, 0 connecting):
    testconn[40]: ESTABLISHED 38 seconds ago, xx.xx.xx.xx[xx.xx.xx.xx]...xx.xx.xx.xx[xx.xx.xx.xx]
    testconn[40]: IKEv1 SPIs: dcefb2530519ff71_i cb8bca41ca831f41_r*, pre-shared key reauthentication in 53 minutes
    testconn[40]: IKE proposal: AES_CBC_256/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_1024

但是，我子网中的主机无法访问另一个子网中的主机。系统日志中显示以下内容：

received proposals: ESP:AES_CBC_256/HMAC_SHA1_96/MODP_1536/NO_EXT_SEQ, ESP:AES_CBC_192/HMAC_SHA1_96/MODP_1536/NO_EXT_SEQ, ESP:AES_CBC_128/HMAC_SHA1_96/MODP_1536/NO_EXT_SEQ
charon: 16[CFG] configured proposals: ESP:AES_CBC_128/HMAC_SHA2_256_128/NO_EXT_SEQ, ESP:AES_CBC_128/AES_CBC_192/AES_CBC_256/3DES_CBC/BLOWFISH_CBC_256/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/HMAC_SHA1_96/AES_XCBC_96/HMAC_MD5_96/NO_EXT_SEQ
charon: 16[IKE] received 3600s lifetime, configured 1200s
charon: 16[IKE] no matching proposal found, sending NO_PROPOSAL_CHOSEN

但我很困惑，因为我不明白到底哪里出了问题。如果能提供建议我将不胜感激。